Skip to main content

Security Access Manager For Mobile

21 CVEs product

Monthly

CVE-2017-1489 MEDIUM This Month

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Tivoli Access Manager For E Business Security Access Manager For Web Software Security Access Manager For Web Appliance +3
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5919 HIGH PATCH This Week

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Access Manager For Web 7 0 Firmware Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2015-5013 MEDIUM PATCH This Month

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile Security Access Manager 9 0 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-3020 MEDIUM PATCH This Month

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Security Access Manager For Web 7 0 Firmware Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile +1
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-3046 LOW PATCH Monitor

IBM Security Access Manager for Web is vulnerable to SQL injection. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile Security Access Manager 9 0 Firmware
NVD
CVSS 3.0
2.7
EPSS
0.1%
CVE-2016-3045 LOW PATCH Monitor

IBM Security Access Manager for Web stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-3043 MEDIUM PATCH This Month

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager For Web 7 0 Firmware Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile +1
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-3018 MEDIUM This Month

IBM Security Access Manager for Web is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Access Manager Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-3025 HIGH This Week

IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Access Manager Security Access Manager For Mobile
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2014-6089 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Security Access Manager For Web Security Access Manager For Mobile
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-6088 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web Security Access Manager For Mobile
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-6087 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web Security Access Manager For Mobile
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-6086 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-6084 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-6083 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web Security Access Manager For Mobile
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-6082 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Security Access Manager For Web Security Access Manager For Mobile
NVD
CVSS 2.0
4.0
EPSS
0.8%
CVE-2014-6080 MEDIUM This Month

SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-6078 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-6077 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Security Access Manager For Web Security Access Manager For Mobile
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-6076 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4751 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Mobile 8.0.0.0, 8.0.0.1, and 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Security Access Manager For Mobile
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Tivoli Access Manager For E Business +5
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Access Manager For Web 7 0 Firmware +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Access Manager For Web 8 0 Firmware +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Security Access Manager For Web 7 0 Firmware +3
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

IBM Security Access Manager for Web is vulnerable to SQL injection. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Security Access Manager For Web 8 0 Firmware +2
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

IBM Security Access Manager for Web stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager +2
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager For Web 7 0 Firmware +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Security Access Manager for Web is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Access Manager +2
NVD
EPSS 1% CVSS 8.1
HIGH This Week

IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Access Manager +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Security Access Manager For Web +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Mobile +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Mobile +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web +1
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Security Access Manager For Web +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Security Access Manager For Mobile +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Access Manager For Mobile +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Access Manager For Mobile +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Mobile 8.0.0.0, 8.0.0.1, and 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Security Access Manager For Mobile
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy